Web applications that do not properly sanitize user input are open to SQL Injection attacks, which allow hackers to view information from the database and/or even wipe it out. SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database.

Web applications and databases allow you to regularly run your business. User credentials, financial and payment information, and company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Databases are central to modern websites: they store the data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser.

In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly. It is a type of attack that takes advantage of improper coding of your web applications, which allows a hacker to inject SQL commands into, say, a login form to gain access to the data held within your database.
It is perhaps one of the most common application layer attack techniques used today. SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
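
The login-form case described above, as an added example (not code from the original page): the same query built by string concatenation and with bound parameters, using Python's `sqlite3`. The table, accounts and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table (sample accounts, not from the page).
    Passwords are stored in plaintext only to keep the sample short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_concatenated(db, name, password):
    """Flawed: form values become part of the SQL text itself."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_parameterized(db, name, password):
    """Hardened: values are bound as parameters and only compared as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

# Constructed form input containing a quote and SQL keywords.
CRAFTED = "' OR '1'='1"

def compare(db):
    """Run the same inputs through both login functions."""
    return {
        "concatenated, valid password": login_concatenated(db, "alice", "correct-horse"),
        "concatenated, crafted input": login_concatenated(db, "alice", CRAFTED),
        "parameterized, valid password": login_parameterized(db, "alice", "correct-horse"),
        "parameterized, crafted input": login_parameterized(db, "alice", CRAFTED),
    }

if __name__ == "__main__":
    for case, rows in compare(make_db()).items():
        print(f"{case}: {rows}")
```

In the concatenated version the crafted value rewrites the WHERE clause so that every row matches; the parameterized version treats it as an ordinary password that matches nothing.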